Shibboleth
Shibboleth
Shibboleth 410
Shibboleth
RETIRED MACHINE

Shibboleth

Shibboleth - Linux Linux
Shibboleth - Medium Medium

4.8

MACHINE RATING

4522

USER OWNS

4285

SYSTEM OWNS

13/11/2021

RELEASED
Created by knightmare & mrb3n

Machine Synopsis

Shibboleth is a medium difficulty Linux machine featuring IPMI and Zabbix software. IPMI authentication is found to be vulnerable to remote password hash retrieval. The hash can be cracked and Zabbix access can be obtained using these credentials. Foothold can be gained by abusing the Zabbix agent in order to run system commands. The initial password can be re-used to login as the `ipmi-svc` and acquire the user flag. A MySQL service is identified and found to be vulnerable to OS command execution. After successfully exploiting this service a root shell is gained.

Machine Matrix

Ready to start your
hacking journey?